Twitter login POST request in Periscope API

问题

I am trying to use Periscope API (https://github.com/gabrielg/periscope_api/blob/master/API.md) in my application. As in the API link I am trying to send POST request to https://api.periscope.tv/api/v2/loginTwitter?build=v1.0.2 with request body as following

{
    "bundle_id": "com.bountylabs.periscope",
    "phone_number": "",
    "session_key": "<twitter_user_oauth_key>",
    "session_secret": "<twitter_user_oauth_secret>",
    "user_id": "<twitter_user_id>",
    "user_name": "<twitter_user_name>",
    "vendor_id": "81EA8A9B-2950-40CD-9365-40535404DDE4"
}

I already have an application in https://apps.twitter.com/ but I don't know what to use as twitter_user_oauth_key and twitter_user_oauth_secret. Can you help?

回答1:

I must say https://github.com/gabrielg/periscope_api/ implementation is a bit complicated. Author using 2 sets of keys (IOS_* and PERISCOPE_*) when you actually need only one to access API. I didn't tried to broadcast but in my PHP library all other functions works without troubles with only what he call PERISCOPE_* set of keys.

You will get session_secret and session_key from Twitter after getting access to it as Periscope application.

So Periscope's login via Twitter process looks like

1. Request OAuth token via https://api.twitter.com/oauth/request_token
2. Redirect user to https://api.twitter.com/oauth/authorize?oauth_token=[oauth_token]
3. Wait for user login and get oauth_token and oauth_verifier from redirect url
4. Get oauth_token, oauth_token_secret, user_id and user_name via request to https://api.twitter.com/oauth/access_token?oauth_verifier=[oauth_verifier]

5. Send request to https://api.periscope.tv/api/v2/loginTwitter

     {
       "bundle_id": "com.bountylabs.periscope",
       "phone_number": "",
       "session_key": "oauth_token",
       "session_secret": "oauth_token_secret",
       "user_id": "user_id",
       "user_name": "user_name",
       "vendor_id": "81EA8A9B-2950-40CD-9365-40535404DDE4"
     }
   

6. Save cookie value from last response and add it to all JSON API calls as some kind of authentication token.

Requests in 1 and 4 steps should be signed with proper Authorization header which requires Periscope application's consumer_key and consumer_secret. While consumer_key can be sniffed right in first step (if you are able to bypass certificate pinning) consumer_secret never leaves your device and you can't get it with simple traffic interception.

There is PHP example of login process https://gist.github.com/bearburger/b4d1a058c4f85b75fa83

回答2:

Periscope's API is not public and the library you are referring to is sort of a hack.

To answer the original question, oauth_key & oauth_secret are keys sent by your actual device to periscope service. You can find them by sniffing network traffic sent by your device.

来源：https://stackoverflow.com/questions/31854771/twitter-login-post-request-in-periscope-api